RE: CRIME Virus list

From: brvarin@private
Date: Wed May 22 2002 - 12:28:12 PDT

Next message: John McHugh: "Re: CRIME Virus list"

Previous message: Dorning, Kevin E - DI-2: "RE: CRIME Virus list"
Maybe in reply to: Steve Nichols: "CRIME Virus list"
Next in thread: VICTORIA.EVANS@private: "RE: CRIME Virus list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

One more approach if you have it would be to utilize any network IDS sensor
that you may have on your network. Most Network IDS have the ability to
send out TCP Resets to both ends when a certain criteria is met. WIth Snort
and Real Secure you can write a rule that will recognize a file name coming
in via HTTP, FTP, Etc. and kill that connection. It's probably not
something you would want to program in for every *.exe, etc. but it's one
more countermeasure for the more frequent things like Klez and Nimda.

Next message: John McHugh: "Re: CRIME Virus list"
Previous message: Dorning, Kevin E - DI-2: "RE: CRIME Virus list"
Maybe in reply to: Steve Nichols: "CRIME Virus list"
Next in thread: VICTORIA.EVANS@private: "RE: CRIME Virus list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:28 PDT